Actions
Feature #7485
closed
VJ
VJ
rules: allow specifying explicit hooks
Feature #7485:
rules: allow specifying explicit hooks
Effort:
Difficulty:
Label:
Description
Currently specifying where a rule is hooked into the detection engine is not very easy to understand or control. The idea is to give the rule writer full control over this.
The 2nd field in the rule is the protocol. In some cases, a bit of a hook like control is provided here. Esp the "tcp-pkt" and "tcp-stream" provide this type of control.
In application layer protocols, there should be a minimum set of hooks, plus protocol specific sets.
- dns:request_complete -- tx is complete in the request direction
- dns:response_complete -- tx is complete is the response direction
- http:request_complete
- http:response_complete
VJ Updated by Victor Julien over 1 year ago
- Related to Optimization #4753: lua: fix inconsistency in the init "needs" key added
VJ Updated by Victor Julien over 1 year ago
- Related to Story #7164: usecase: improve firewall usecase added
VJ Updated by Victor Julien over 1 year ago
- Status changed from New to In Progress
- Target version changed from TBD to 8.0.0-beta1
Got a working minimal prototype going.
VJ Updated by Victor Julien about 1 year ago
- Related to Feature #7514: rules: add file specific hooks added
VJ Updated by Victor Julien about 1 year ago
- Related to deleted (Story #7164: usecase: improve firewall usecase)
VJ Updated by Victor Julien about 1 year ago
- Blocks Story #7164: usecase: improve firewall usecase added
VJ Updated by Victor Julien about 1 year ago
- Status changed from In Progress to In Review
SB Updated by Shivani Bhardwaj about 1 year ago
- Status changed from In Review to Closed
Closed by: https://github.com/OISF/suricata/pull/12962
Actions